Static Scan Results
scanned 4h ago · by rust-scannerStatic analysis flagged 23 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Decision evidence
public snapshotSource & flagged code
13 flagged · loading sourcePackage contains a critical-looking secret pattern.
cdk/cdk.out/asset.530567cf1e6fd5236cd0e483ba02427949a4a68b619db930921f8d3ba9f03689/index.mjsView on unpkg · L5RSA private key in cdk/cdk.out/asset.530567cf1e6fd5236cd0e483ba02427949a4a68b619db930921f8d3ba9f03689/index.mjs
cdk/cdk.out/asset.530567cf1e6fd5236cd0e483ba02427949a4a68b619db930921f8d3ba9f03689/index.mjsView on unpkg · L5RSA private key in cdk/cdk.out/asset.530567cf1e6fd5236cd0e483ba02427949a4a68b619db930921f8d3ba9f03689/index.mjs
cdk/cdk.out/asset.530567cf1e6fd5236cd0e483ba02427949a4a68b619db930921f8d3ba9f03689/index.mjsView on unpkg · L129Package source references child process execution.
cdk/cdk.out/asset.530567cf1e6fd5236cd0e483ba02427949a4a68b619db930921f8d3ba9f03689/index.mjsView on unpkg · L49A single source file combines environment access, network access, and code or shell execution; review context before blocking.
cdk/cdk.out/asset.530567cf1e6fd5236cd0e483ba02427949a4a68b619db930921f8d3ba9f03689/index.mjsView on unpkg · L49Source reaches cloud instance metadata or link-local credential endpoints.
assets/admin/cli.mjsView on unpkg · L2Package source references weak cryptographic algorithms.
assets/admin/cli.mjsView on unpkg · L2Package ships non-JavaScript build or shell helper files.
bin/deploy.shView on unpkg